hxxps://www[.]jotform[.]com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
1500	msedge.exe
1500	msedge.exe
1884	identity_helper.exe
1884	identity_helper.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 4328	1500	msedge.exe	82
PID 1500 wrote to memory of 4328	1500	msedge.exe	82
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 4796	1500	msedge.exe	83
PID 1500 wrote to memory of 2168	1500	msedge.exe	84
PID 1500 wrote to memory of 2168	1500	msedge.exe	84
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85
PID 1500 wrote to memory of 2952	1500	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fff5b8946f8,0x7fff5b894708,0x7fff5b894718
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5c057a19c4f34bacd0bb70f31203221e

SHA1
a5d217064c9d9b3370b54dbd85854dbac4175d49

SHA256
ae5cd395bc97aef53dc5cbcff177c69835d1ac0a8058023d22cec2827fd1b3ee

SHA512
7f803134ca90fc282e2bc12d02ec8b5aeeb4dfe0916dad5c3007db543103c5ffd9f0508ee5a69f9cbd9b2b4ef9191dd50cbbea5805da9f9b9bafd8692fecb380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
603B

MD5
43ca8ef38000b9e976ee5649541bbc16

SHA1
b2601716f88b1a996d1032a0261052898e8498a6

SHA256
dd7f93116e2dc9c99ded879a44371d6ba2012e6e1ead61c30a44431be7f10571

SHA512
41cc28e1745f0cc78b8e6fd93877e3f253fc131bd50a1147032227646b762d67b1bcf07f9d3d3ee9ada729882aa38e0f9b1182351ad9e825bbd9a16629649318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2644976d20f09d192a0c7c351c8e3de9

SHA1
dbaa3dd55ee434f2f84293ebe87f278a131e55e8

SHA256
1addec06bb7dd267de5d71761bf10087f1d17640b57b30f16596b796c5ef4aea

SHA512
37cccf3c52ce2f46568cc0c5822d6648ea732ef2017fcc19562abc584e42735960af893fa4a7f6aec38f796dfcd845ac1f84e9d9ae3ad5276b6f2a753a901d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a22f5c28a13fe3251e4a142b172508c2

SHA1
2459943c37fdc47c323cdaed6ea8d7b380157043

SHA256
a5f7a1bff5eb206737aa8ee84ec473d434253d05b8cf283e505c94681a66f327

SHA512
3783ca9af7d2200e23aa95596f188f804c561c71c8be69b82b72c889c190957796fb630dc81746ffc3c4bbe84c74c567ccd8e9ccfabd7c196027b0edb34d3ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
36b69cb968d878078f58a4334c7f82cc

SHA1
83d3b702358d83225ae8c72b184e62859824f62d

SHA256
bbbd4f1d46a717589d53b8fd74ece1b8abee630ed3a7117606317508c903763a

SHA512
46d9736ae5ce92efb49abab378b26ed2a9641460a35742fae6580e7efc11c60cf57e08d99df8c59b4cb126d36eef13e9353353695181d96ba2002405fe1e0144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582611.TMP

Filesize
538B

MD5
1232d3497407e5bb8a4272ce51289383

SHA1
330e66c2a74f7dfb465750e91d77d0f465999c36

SHA256
a2400aaad5c0f07ac06558d7ad3b5dba3bb0fafb16d6b39af27ec2e83d59f70d

SHA512
790df0e4ae5e475ea26baae09e3280dba532f97c279e1ba6d97b84c251c1d81a85b76de8463f0424699fb2ff495ce7d36d59629f504c80c942f49822f966bfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fbb03c82e01692a045d19a92e4c27e8f

SHA1
05c571b3e7c5427c832f6d9355d1e8565183a137

SHA256
c80fd9718f72e4895d56a10ba6df60e359c807c4d38ec6f91904c72e164c6b1d

SHA512
d6dcf0df13dd658b392d2b0db9f5bedff212f236ae6c9ce57c852064c51c4a087d8883d849f2fa07b31f40105779606fe2dfe54947b2b64f61fc38b16421299a

Download Submit